As mentioned above, Zope uses User objects to represent people interacting with the system. These User objects have information that identifies the user, such as a username and password, as well as information about what they can do in the system.
In Zope, User objects are stored in a special kind of Zope Folder called a
User Folder
. This Folder acts as a database of Users that exist in the Folder in which the User Folder is defined. For instance, consider the following Folder: :
If you have a Folder called Marketing , and you want to turn over the control of Marketing to Mary, then you would create a User Folder in Marketing and add a User to it for Mary.
It is important to note, though, that Mary is defined only at the level of Marketing, is which she might be a manager. If Mary tried to do a privileged operation in ZAcme the operation would fail because she does not exist in ZAcme. However, Mary can do privileged operations in East, because East is contained in Marketing.
Zope Users can be identified by HTTP Basic Authentication, a location, or both. For HTTP Basic Authentication, the user will be prompted for a username and a password, which Zope will use to try to find a matching User. For a location, Zope will look at the host/domain name of the requesting computer, or IP address, and look for configured Users allowed to come from that location.
When Zope needs to verify provided authentication, it first checks the contents of User Folders defined at the level of the operation. For instance, if Mary tried to visit the manage screen of East in the above example, and then provided a username and password, Zope would check first in the User Folder for East for a matching username and password. Failing that, it would look next in Marketing , then finally in ZAcme . If all of these fail to produce a Mary with the correct password, Zope would return an Unauthorized error .
Previous Chapter | Next Chapter | Up | Next Section | Contents